Author Topic: I have no idea what happened, Please who knows what it is?  (Read 6143 times)

REDACTED

  • Guest
I have no idea what happened, Please who knows what it is?
« on: February 09, 2016, 01:05:51 AM »
Hello
3 days ago I was searching for a snipping tool program and didn't know which one I wanted. So I went to http://download.cnet.com and downloaded around 15 programs (custom install, nothing else except the actual program to install)... One by one I tried them all: installed -> tried -> uninstalled! After a restart my system acts funny: windows and programs are flicking-blicking once in a while, and once in a while they act crazy, I cannot click or the right mouse menu doesn't appear... I ran Avast (full, smart, on-boot) and ran Ad-aware - didn't find anything, cleaned all temps, cleaned the whole PC using CCleaner and also Reg Organizer, found all the files which these new programs left and deleted them all. One strange thing is that I still see 3-4 leftovers of the programs in the taskbar... here is a short video: https://youtu.be/2fiPF0AObHY What could it be? Will a restore point help? Are the drivers damaged? Is the PC infected?
Thanks
« Last Edit: February 10, 2016, 01:14:10 AM by samsimonusa »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: I have no idea what happened, Please who knows what it is?
« Reply #1 on: February 09, 2016, 01:08:01 AM »
Run a scan with Malwarebytes


REDACTED

  • Guest
Re: I have no idea what happened, Please who knows what it is?
« Reply #2 on: February 09, 2016, 01:11:49 AM »
Which one do you recommend?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user

REDACTED

  • Guest
Re: I have no idea what happened, Please who knows what it is?
« Reply #4 on: February 09, 2016, 01:46:23 AM »
One issue

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: I have no idea what happened, Please who knows what it is?
« Reply #5 on: February 09, 2016, 01:56:36 AM »
One issue?
The MBam logs already show around a dozen issues >:(

REDACTED

  • Guest
Re: I have no idea what happened, Please who knows what it is?
« Reply #6 on: February 09, 2016, 01:58:53 AM »
By "one issue" I meant that aswmbr.exe just doesn't work so far )

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: I have no idea what happened, Please who knows what it is?
« Reply #7 on: February 09, 2016, 04:03:04 PM »
Let me know what problems remain after this

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
BHO-x32: No Name -> {5D44FA23-B295-DB3B-E652-38D265315357} -> No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {F52BE5FE-E612-1C31-2C7D-B1E9B86251AD} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
CHR HKU\S-1-5-21-978410073-846054053-3847043086-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - <no Path/update_url>
CHR HKU\S-1-5-21-978410073-846054053-3847043086-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [blklojfklgnogjaijkibhfjepakiocng] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - <no Path/update_url>
2016-02-07 19:53 - 2016-02-07 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Organizer
2016-02-07 19:53 - 2016-02-07 19:53 - 00000000 ____D C:\Program Files (x86)\Reg Organizer
2016-02-07 13:53 - 2016-02-07 13:53 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2016-02-07 13:53 - 2016-02-07 13:53 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-02-07 11:52 - 2016-02-07 11:53 - 00000000 ____D C:\Users\Michael\AppData\Local\._LiveCode_
2016-02-07 11:52 - 2016-02-07 11:52 - 00000026 ____H C:\ProgramData\.d59546f61165ae53742c10f688282916.dat
2016-02-07 11:48 - 2016-02-07 11:48 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Greenshot
2016-02-07 11:48 - 2016-02-07 11:48 - 00000000 ____D C:\Users\Michael\AppData\Local\Greenshot
2016-02-07 11:37 - 2016-02-07 11:37 - 00000000 ____D C:\Users\Michael\AppData\Roaming\FastStone
2016-02-07 11:37 - 2016-02-07 11:37 - 00000000 ____D C:\Users\Michael\AppData\Local\FastStone
2016-02-07 00:12 - 2016-02-07 00:12 - 00000000 ____D C:\Program Files (x86)\Windows Media Adapter v615
2016-02-07 00:01 - 2016-02-07 00:15 - 00000000 ____D C:\Users\Michael\Documents\My Recordings
2016-02-07 00:01 - 2016-02-07 00:15 - 00000000 ____D C:\Users\Michael\AppData\Local\DeskShare Data
2016-02-07 00:01 - 2016-02-07 00:15 - 00000000 ____D C:\ProgramData\Deskshare
2016-02-07 00:01 - 2016-02-07 00:01 - 00000000 ____D C:\Users\Michael\AppData\Local\Spoon
2016-02-06 22:44 - 2016-02-07 10:50 - 00000000 ____D C:\Program Files (x86)\360
2016-02-07 14:56 - 2013-11-07 22:53 - 00000000 ____D C:\Program Files (x86)\surf! aeNad ekiEeepp
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> no filepath
Task: {2C0322ED-0959-44F9-9F12-55BC1E1CB4D4} - System32\Tasks\{BEF870CB-7227-47EE-BFF8-D73327F67207} => pcalua.exe -a "C:\Program Files (x86)\Shop-Up\Uninstall.exe" -c /fromcontrolpanel=1
Task: {96A218EC-591A-44A6-87B8-9C4F9F3DE2AD} - System32\Tasks\{20739B55-D290-44CD-BC17-A1EB9BC21741} => pcalua.exe -a C:\PROGRA~2\HOTLLA~1\Player\UNWISE.EXE -c C:\PROGRA~2\HOTLLA~1\Player\INSTALL.LOG
C:\ProgramData\.d59546f61165ae53742c10f688282916.dat
C:\Program Files (x86)\Shop-Up
C:\PROGRA~2\HOTLLA~1
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.
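
The caution in the post above (a fixlist is only valid for the machine it was written for) can be checked before pressing Fix. The following is an added example, not part of the original post and not FRST's own code: it pulls the account SIDs and `C:\Users\<name>` profiles out of a fixlist and compares them with the local account, and it lists the `Reg:` and `CMD:` lines, which run a command whatever machine they are on. The sample lines are excerpted from the fixlist above; `audit_fixlist` and its parameters are hypothetical names.

```python
import re

# Excerpt of the fixlist posted above, embedded so the example runs offline.
SAMPLE_FIXLIST = r"""CreateRestorePoint:
BHO-x32: No Name -> {5D44FA23-B295-DB3B-E652-38D265315357} -> No File
2016-02-07 11:48 - 2016-02-07 11:48 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Greenshot
CustomCLSID: HKU\S-1-5-21-978410073-846054053-3847043086-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> no filepath
C:\Program Files (x86)\Shop-Up
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
CMD: bitsadmin /reset /allusers
"""

# Account SID of the form S-1-5-21-<a>-<b>-<c>-<RID>.
SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+-\d+")
# First path component under <drive>:\Users\ is the profile name.
USER_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\\r\n]+)", re.IGNORECASE)
# Directives seen in the post that execute a command line.
COMMAND_PREFIXES = ("cmd:", "reg:")


def audit_fixlist(text, local_sid, local_user):
    """Report what ties a fixlist to one machine and which lines run commands."""
    sids, users, commands = set(), set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        sids.update(SID_RE.findall(line))
        users.update(name.strip() for name in USER_RE.findall(line))
        if line.lower().startswith(COMMAND_PREFIXES):
            commands.append(line)
    foreign_sids = sorted(s for s in sids if s.lower() != local_sid.lower())
    foreign_users = sorted(u for u in users if u.lower() != local_user.lower())
    return {
        "foreign_sids": foreign_sids,    # SIDs that are not the local account
        "foreign_users": foreign_users,  # profile names that are not local
        "commands": commands,            # review these by hand in every case
        # A match does not prove the fix is safe; a mismatch proves the
        # fixlist was written for some other machine or account.
        "matches_this_machine": not foreign_sids and not foreign_users,
    }


if __name__ == "__main__":
    # Constructed local values standing in for another PC (on Windows,
    # `whoami /user` prints the real account name and SID).
    print(audit_fixlist(SAMPLE_FIXLIST,
                        "S-1-5-21-1111111111-2222222222-3333333333-1001",
                        "Alice"))
```
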

REDACTED

  • Guest
Re: I have no idea what happened, Please who knows what it is?
« Reply #8 on: February 09, 2016, 10:49:51 PM »
Thx. Still flicking-blicking while using Mozilla Firefox... overall it seems that the PC is working OK. I restarted Mozilla and deleted all extensions.
« Last Edit: February 09, 2016, 10:58:19 PM by samsimonusa »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: I have no idea what happened, Please who knows what it is?
« Reply #9 on: February 09, 2016, 11:16:51 PM »
Is Firefox still playing up after removing the extensions?

REDACTED

  • Guest
Re: I have no idea what happened, Please who knows what it is?
« Reply #10 on: February 09, 2016, 11:23:46 PM »
After REFRESH/Restart all extensions are gone but it is still playing up.
« Last Edit: February 10, 2016, 02:56:29 AM by samsimonusa »

REDACTED

  • Guest
Re: I have no idea what happened, Please who knows what it is?
« Reply #11 on: February 10, 2016, 02:56:46 AM »
Yes. Now many other programs are playing up, such as Word, Photoshop, Producer 4 etc., so pretty much all programs )   Every time, I see a "not responding" message appearing and disappearing on the program's top bar, and the program freezes for a second when working with it. I guess I'm fucked  :(
« Last Edit: February 10, 2016, 05:40:47 AM by samsimonusa »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: I have no idea what happened, Please who knows what it is?
« Reply #12 on: February 10, 2016, 03:45:44 PM »
OK, let's look for conflicts now

In the search box type Msconfig and select the programme that appears at the top

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.
2. Click to clear the Load Startup Items check box.
   Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.


Then let me know how the system is behaving

REDACTED

  • Guest
Re: I have no idea what happened, Please who knows what it is?
« Reply #13 on: February 10, 2016, 10:51:48 PM »
Hi, little better maybe BUT same thing.....  :-\

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: I have no idea what happened, Please who knows what it is?
« Reply #14 on: February 10, 2016, 10:54:24 PM »
OK do you know how to run SFC /scannow ?

http://www.thewindowsclub.com/how-to-run-system-file-checker-analyze-its-logs-in-windows-7-vista

Run this and then see if the problem resolves itself